Product concerned: SNS 4.x
Last udpate: November 2019
The aim of this document is to guide the administrator of a Stormshield Network firewall in configuring and operating the embedded BIRD dynamic routing module.
To begin with, the configuration environment as well as the interaction modes with the routing engine will be described. Next, a simple typical configuration for the three routing protocols BGP, RIP & OSPF will be explained. These examples provide an opportunity for learning about the configuration structure of protocols, peripheral elements, filtering and status displays. The last section focuses on a more complex configuration.
Take note that BIRD offers multiple configuration options, especially for the exchange of routes between processes, their filters or a pseudo-virtualization of routing instances. These advanced elements are specific to BIRD and are not included in the scope of the document. Likewise, the use of BGP ROAs will not be covered but they are supported by BIRD.
Configuration via the web administration interface
Dynamic routing can be enabled or disabled in the Routing module of the web administration interface.
The Dynamic routing and Dynamic routing IPv6 (if IPv6 support has been enabled) tabs make it possible to edit configuration files bird.conf in IPv4 and bird6.conf in IPv6.
When the configuration is sent to the firewall, and if there are syntax errors, a message indicating the row containing an error will inform the user of the need to correct the configuration.
The previous configuration file will not be backed up before it has been modified. You are therefore advised to copy it (CTRL+A/CTRL+C), and paste it into a text editor in order to back up the file.
However, the interface editor does not allow access to Birdc and birdc6 interactive modes, which enable control over dynamic routing (testing the operation of a new configuration through a temporary configuration and viewing statuses).